Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
Posted by deepcore on April 20, 2017 – 6:38 am
This Metasploit module exploits two vulnerabilities in the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to ‘admin’ upon a reboot (CVE-2016-7552). The second is a command injection flaw via the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).